Search results

This paper aims to discuss the still immature concept of information governance (IG) from a records and information management (RIM) perspective and attempts to identify some critical aspects, essential elements and challenges, drawing on lessons learned from corporate experience in a global setup.

After a critical consideration of the notion “information governance” the paper reports some issues which turned out to be major barriers to success during IG implementation within a given organisation.

Practical experience highlights the importance of carefully scoping IG frameworks in larger organisations; in particular, balancing the representation of all relevant stakeholders (especially lines of business) and targeting investment in initiatives that foster an information management culture. Equally critical to success is corporate communication which truly values information as a corporate asset and highlights the importance of information lifecycle management rather than technology under the motto “putting the ‘I’ into IT”.

This paper draws on experience from a single case study to discuss some of the cultural factors that influence the design and implementation of IG in general. However, more empirical research is needed in order to broaden the understanding of the impact of IG programmes in real-world organisations.

When implementing IG programmes in global organisations it should not be limited to an IT perspective alone. The biggest challenge is the fact that no department or discipline alone can achieve the desired results. Success is only possible in an orchestrated scenario with clear value propositions for specific business functions.

Based on a small selection of professional literature on the IG approach, the paper presents findings about issues and pitfalls when setting up and implementing an IG programme. It is hoped that it will inspire more exploratory research of this kind from members of the records management community to encourage them to raise the need for IG in their own organisations.

The frequent and increasingly potent cyber-attacks because of lack of an optimal mix of technical as well as non-technical IT controls has led to increased adoption of security governance controls by organizations. The purpose of this paper, thus, is to construct and empirically validate an information security governance (ISG) process model through the plan–do–check–act (PDCA) cycle model of Deming.

This descriptive research using an interpretive paradigm follows a qualitative methodology using expert interviews of five respondents working in the ISG domain in United Arab Emirates (UAE) to validate the theoretical model.

The findings of this paper suggest the primacy of the PDCA Deming cycle for initiating ISG through a risk-based approach assisted by industry-wide best practices in ISG. Regarding selection of ISG frameworks, respondents preferred to have ISO 27K supported by NIST as the core framework with other relevant ISG frameworks/standards forming the peripheral layer. The implementation focus of the ISG model is on mapping ISO 27K/NIST IT controls relevant IT controls selected from ISG frameworks from a horizontal and vertical perspective. Respondents asserted the automation of measurement and control mechanism through automation to assist in the feedback loop of the PDCA cycle.

The validated model helps academics and practitioners gain insight into the methodology of the phased implementation of an information systems governance process through the PDCA model, as well as the positioning of ITG and ITG frameworks in ISG. Practitioners can glean valuable insights from the empirical section of the research where experts detail the success factors, the sequential steps and justification of these factors in the ISG implementation process.

The increasing prominence of the use of the term information governance (IG) raises fundamental questions about the role and relevance of records management in today’s organisations. As a starting point, this paper aims to explore the relationship between records management and IG by considering both recordkeeping and non-recordkeeping perspectives.

The research discusses literature chiefly from 2013 to the present to shed light on how discussion of the relationship between records management and IG has evolved over the past few years.

A range of perspectives on the relationship between records management and IG was evident and, notably, a lack of direct engagement from the records management community. Taking the positive perspectives that emerged, IG was seen as an opportunity for records management. By contrast, others regarded it as a necessary successor to records management, the latter perceived as too associated with the paper era to be capable of meeting the organisational information needs of today. Equally, others were sceptical about the real difference IG offered, suggesting it was in part a rebranding exercise, which did not necessarily articulate anything fundamentally new.

Defining literature in the broadest sense, this paper offers a high-level review of some of the recent discussions that have taken place in a wide variety of contexts around the relationship between records management and IG. It includes journal articles, books, online discussions from professional forums and listservs, vendor contributions, opinion-pieces and blogs and in particular focuses on presenting a range of viewpoints from individuals operating within various information-related spaces, including records and information management, IG, and information technology. It is hoped that this preliminary research will encourage further engagement on the subject from recordkeeping professionals.

The purpose of this paper is to reveal factors that impact information governance within the mobile technology implementation in organizations in the dual‐use context.

Case study methodology was used and 15 semi‐structured interviews were conducted with records and information management (RIM) and information security professionals from different types of organizations.

There are three main findings. First, stakeholder support is critical to drive the change and leverage organizational security culture. Second, records mobility with data security dimension represents the biggest challenge for RIM stakeholders. Third, mobile strategy and security framework are two must‐win areas for a successful mobile implementation.

The paper does not include any end‐user perspective in interviews and this end‐user context is missing.

Awareness through education and training of employees needs to be given very particular attention in the future mobile implementations. Moreover, management and employee support is the critical component of the effective information security governance framework implementation. Finally, mobile strategy needs undergo a very precise and detailed planning process to ensure the right technology acceptance by users.

The paper closes an existing research gap and provides useful insights to record management professionals and practitioners on factors that impact effective information governance implementation within the mobile dual‐use context.

The purpose of this paper is to demonstrate that records management frameworks need to be risk based, flexible and aligned to wider information management objectives. The paper outlines some of the changes, challenges and opportunities now and on the horizon for records managers. The paper argues that through embedding the international information security standard ISO 27001 in conjunction with the records management standard ISO 15489, holistic information governance strategies will be delivered that are responsive to change.

The paper provides a discussion on the challenges facing records and information management professionals and suggests that ISO 27001 provides some of the systems' solutions lacking from ISO 15489.

The alignment of ISO 27001 to ISO 15489 strengthens the delivery of existing records management systems and its drivers. This is critical to build strong information governance programmes, which enable risks to be assessed in an ever‐changing information management world.

Successful implementation of records management requires alignment with wider information standards and strategies to deliver holistic information management and governance.

This research will assist in promoting best practice in records management and information governance.

The purpose of this paper is to assist records managers and information governance professionals to understand the challenges presented by their organization’s use of blockchain distributed ledger technology (DLT).

An extensive literature review was conducted, which revealed a multitude of articles based on research into blockchain DLT, most written from the technology perspective. This paper differs in that it applies a records management lens to an analysis of the records created, registered or stored on a blockchain. A six-stage blockchain records consideration model is provided to illustrate examples of the records management challenges presented by the implementation of blockchain DLT. Questions are posed and recommendations are made to aid the reader in developing a blockchain DLT records management and information governance strategy.

Because there is no one universal configuration for a blockchain DLT solution, each implementation must be analyzed to understand the resultant records management and information governance challenges. A series of questions that should be asked and answered can not only help records management and information governance professionals adapt their policies and practices to the technology but also provide a basis for discussion with those designing the blockchain DLT solutions so they can include records management features in their designs.

This paper contributes an original analysis of the implications of the adoption of Blockchain DLT for records management and information governance programs through the lens of a six-stage Blockchain Records Consideration Model.

Distributed trust technologies, such as blockchain, propose to permit peer-to-peer transactions without trusted third parties. Yet not all implementations of such technologies fully decentralize. Information professionals make strategic choices about the level of decentralization when implementing such solutions, and many organizations are taking a hybrid (i.e. partially decentralized) approach to the implementation of distributed trust technologies. This paper conjectures that while hybrid approaches may resolve some challenges of decentralizing information governance, they also introduce others. To better understand these challenges, this paper aims first to elaborate a framework that conceptualizes a centralized–decentralized information governance continuum along three distinct dimensions: custody, ownership and right to access data. This paper then applies this framework to two illustrative blockchain case studies – a pilot Brazilian land transfer recording solution and a Canadian health data consent sharing project – to exemplify how the current transition state of blockchain pilots straddles both the old (centralized) and new (decentralized) worlds. Finally, this paper outlines the novel challenges that hybrid approaches introduce for information governance and what information professionals should do to navigate this thorny transition period. Counterintuitively, it may be much better for information professionals to embrace decentralization when implementing distributed trust technologies, as hybrid models could offer the worst of both the centralized and future decentralized worlds when consideration is given to the balance between information governance risks and new strategic business opportunities.

This paper illustrates how blockchain is transforming organizations and societies by highlighting new strategic information governance challenges using our original analytic framework in two detailed blockchain case studies – a pilot solution in Brazil to record land transfers (Flores et al., 2018) and another in Canada to handle health data sharing consent (Hofman et al., 2018). The two case studies represent research output of the first phase of an ongoing multidisciplinary research project focused on gaining an understanding of how blockchain technology generates organizational, societal and data transformations and challenges. The analytic framework was developed inductively from a thematic synthesis of the findings of the case studies conducted under the auspices of this research project. Each case discussed in detail in this paper was chosen from among the project's case studies, as it represents a desire to move away from the old centralized world of information governance to a new decentralized one. However, each case study also represents and embodies a transition state between the old and new worlds and highlights many of the associated strategic information governance challenges.

Decentralization continues to disrupt organizations and societies. New emerging distributed trust technologies such as blockchain break the old rules with respect to the trust and authority structures of organizations and how records and data are created, managed and used. While governments and businesses around the world clearly see value in this technology to drive business efficiency, open up new market opportunities and create new forms of value, these advantages will not come without challenges. For information executives then, the question is not if they will be disrupted, but how. Understanding the how as will be discussed in this paper provides the business know how to leverage the incredible innovation and transformation that decentralized trust technology enables before being leapfrogged by another organization. It requires a change of mindset to consider an organization as one part of a broader ecosystem, and for those who successfully do so, this paper views this as a strategic opportunity for those responsible for strategic information governance to design the future instead of being disrupted by it.

This paper presents a novel analytic framework for strategic information governance challenges as we transition from a traditional world of centralized records and information management to a new decentralized world. This paper analyzes these transitions and their implications for strategic information governance along three trajectories: custody, ownership and right to access records and data, illustrating with reference to our case studies.

This paper predicts a large number of organizations will miss the opportunities of the new decentralized trust world, resulting in a rather major churning of organizations, as those who successfully participate in building the new model will outcompete those stuck in the old world or the extremely problematic hybrid transition state. Counterintuitively, this paper argues that it may be much less complex for information executives to embrace decentralization as fast as they can, as in some ways the hybrid model seems to offer the worst of both the centralized and future decentralized worlds with respect to information governance risks.

This paper anticipates broader societal consequences of the predicted organization churn, in particular with respect to uncertainty about the evidence that records provide for public accountability and contractual rights and entitlements.

Decentralized trust technologies, such as blockchain, permit peer-to-peer transactions without trusted third parties. Of course, such radical shifts do not happen overnight. The current transition state of blockchain pilots straddles both the old and new worlds. This paper presents a theoretical framework categorizing strategic information governance challenges on a spectrum of centralized to decentralized in three primary areas: custody, ownership and right to access records and data. To illustrate how decentralized trust is transforming organizations and societies, this paper presents these strategic information governance challenges in two blockchain case studies – a pilot Brazilian land transfer recording solution and a Canadian health data consent sharing project. Drawing on the theoretical framework and case studies, this paper outlines what information executives should do to navigate this thorny transition period.

This study investigates the impact of supply chain governance (SCG, which includes relational governance and contractual governance) on supply chain resilience (SCR) using the information processing theory. Moreover, the study also examines the mediating role of information processing capability and the moderating role of digital technology (DT) deployment.

A total of 288 questionnaires were collected from the Chinese manufacturing industry, and hierarchical regression was used to empirically test the proposed model.

This study reveals that SCG positively impacts SCR. Moreover, information processing capability plays a mediating role between SCG and SCR. Furthermore, the breadth of DT deployment positively moderates the effect of relational governance on information processing capability, and the depth of DT deployment positively moderates the effects of both relational governance and contractual governance on information processing capability.

This study offers a novel perspective that helps to understand the importance of the supply chain-wide information acquired by SCG in respect of improving SCR. Furthermore, this article extends the application of information processing theory by providing empirical evidence of the mediating role of information processing capability and elucidating the moderating role of DT deployment.

This study aims to investigate the quality of disclosure of a cutting-edge reporting tool – integrated reporting (<IR>) – in terms of its effectiveness to report on COVID-19 pandemic information, its ability to provide forward-looking information and risk impact implications, and its quality determinants in challenging times.

Thanks to a content analysis of 247 <IR> for FY20, an integrated reporting disclosure score was developed to assess the disclosure quality provided by the sampled companies. Three research questions were tested through logistic regressions.

Non-financial disclosure activities struggle to provide adequate information in terms of potential future scenarios, risk assessment and forward-looking analyses. However, companies incorporated in “Anglo-Saxon” territories drafted integrated reports of higher quality. More recently, incorporated companies have made a greater effort to measure and report COVID-19 pandemic impacts on environmental, social and governance and business activities, also increasing their risk assessment and mitigation efforts. Concerning the determinants of disclosure quality, leverage, corporate governance structures, country of incorporation and belonging to “high impact” industries all lead to a higher quality of <IR> disclosure.

Examining in detail corporate social responsibility activities and corporate governance integrity is pivotal to orienting strategy towards sustainable trajectories: to do so, corporate reporting and disclosure practices are essential tools. In this context, corporate governance systems that emphasize board diversity are proven, even in disruptive circumstances, to play a crucial role in providing corporate reports of higher quality. High disclosure quality that goes beyond mere financial results is considered to be necessary to remain competitive strategically, socially and environmentally.

This study considers transitive service triads, which consist of three dyads formed by three actors: supplier, logistics service provider and customer, who remain directly linked by one or more of the upstream and downstream flows of products, information and finances. This paper aims to explore the link between information governance, decentralized information technologies and supply chain self-organization, and their resulting impact on network performance in the transitive service triads.

Drawing upon the tenets of the theory of complex adaptive systems and supply chain practice view, this paper involves an empirical investigation that uses survey data gathered from transitive service triads in the European countries. The study uses partial least squares structural equation modeling to estimate the formative-reflective hierarchical component model and test the research hypotheses.

Information governance defines how supply chain information flows are controlled, accessed and used by a focal organization and its business partners. As empirically evidenced in this study, it can be depicted as a latent construct consisting of three distinct dimensions of information custody, information ownership and right to data access. Likewise, the study also indicates that supply chain self-organization, as a second-order construct, consists of three interactive self-organization actions undertaken by specific firms participating in the triadic arrangement. Supply chain self-organization is thus produced by firms that are reciprocally interrelated and interacting, having effects on one another. Furthermore, the study also highlights that information governance creates an environment for applying decentralized information technologies, which then positively affects supply chain self-organization. Finally, the research also empirically operationalizes the construct of network performance within the transitive service triads.

Although the results provide several major contributions to theory and implications for practitioners, the study still demonstrates some methodological constraints. Specifically, although the study uses a relatively large research sample of 350 transitive service triads, it still focuses only on a selected group of industries and is limited to investigating solely a particular type of service triads.

Given the increasing interest in investigating triads, this study examines how information governance and decentralized information technologies support supply chain self-organization to yield network performance in transitive service triads.